annotate svr-runopts.c @ 1715:3974f087d9c0

Disallow leading lines before the ident for server (#102)

Per RFC4253 4.2 clients must be able to process other lines of data before the version string; server behavior is defined neither with MUST/SHOULD nor with MAY. If the server processes up to 50 lines too, it may cause a too-long hanging session with an invalid/evil client that consumes host resources and potentially may lead to DDoS on poor embedded boxes. Let's require the first line from the client to be the version string and fail early if it's not - this matches both the RFC and real OpenSSH behavior.
author Vladislav Grishenko <themiron@users.noreply.github.com>
date Mon, 15 Jun 2020 18:22:18 +0500
parents 435cfb9ec96e
children 5120e22882de
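
The policy the commit message describes, as an added example (not Dropbear's code and not part of this changeset): one scanner for the RFC 4253 4.2 identification line, run with a budget of 50 leading lines on the client side and 0 on the server side. The names `find_ident`, `classify` and the constants are assumptions made for this sketch, as is applying the 255-byte cap to leading lines; the samples are constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define IDENT_MAX_LINE     255  /* RFC 4253 4.2: ident string incl. CR LF is at most 255 bytes */
#define CLIENT_MAX_LEADING 50   /* pre-ident line budget named in the commit message */
#define SERVER_MAX_LEADING 0    /* server-side policy the commit message argues for */

enum ident_result {
    IDENT_OK = 0,     /* identification line found */
    IDENT_NEED_MORE,  /* undecided: keep reading, under a timeout */
    IDENT_BAD_FIRST,  /* data cannot be an ident and no leading lines are left */
    IDENT_TOO_LONG    /* a line ran past IDENT_MAX_LINE */
};

/*
 * Hypothetical helper: scan buf[0..len) for the peer's "SSH-" line.
 * max_leading is how many non-"SSH-" lines are tolerated before it.
 * On IDENT_OK, *ident_off and *ident_len describe the line without CR LF.
 * Protocol version checks on the ident itself would follow this step.
 */
enum ident_result find_ident(const char *buf, size_t len, unsigned max_leading,
                             size_t *ident_off, size_t *ident_len)
{
    size_t pos = 0;
    unsigned skipped = 0;

    for (;;) {
        const char *line = buf + pos;
        size_t avail = len - pos;
        const char *nl = memchr(line, '\n', avail);
        size_t linelen;

        if (nl == NULL) {
            /* Incomplete line: bound how much we are willing to buffer. */
            if (avail >= IDENT_MAX_LINE)
                return IDENT_TOO_LONG;
            if (skipped >= max_leading) {
                /* Budget used up, so these bytes must be the start of
                 * "SSH-". Reject on the first byte that cannot be. */
                size_t n = avail < 4 ? avail : 4;
                if (memcmp(line, "SSH-", n) != 0)
                    return IDENT_BAD_FIRST;
            }
            return IDENT_NEED_MORE;
        }

        linelen = (size_t)(nl - line);      /* without the '\n' */
        if (linelen + 1 > IDENT_MAX_LINE)
            return IDENT_TOO_LONG;

        if (linelen >= 4 && memcmp(line, "SSH-", 4) == 0) {
            if (line[linelen - 1] == '\r')
                linelen--;
            *ident_off = pos;
            *ident_len = linelen;
            return IDENT_OK;
        }

        /* A complete line that is not the ident: spend budget or fail. */
        if (skipped >= max_leading)
            return IDENT_BAD_FIRST;
        skipped++;
        pos += (size_t)(nl - line) + 1;
    }
}

/* Convenience wrapper for NUL-terminated samples: result code only. */
enum ident_result classify(const char *s, unsigned max_leading)
{
    size_t off = 0, n = 0;
    return find_ident(s, strlen(s), max_leading, &off, &n);
}

int main(void)
{
    /* Constructed samples, not captured traffic. */
    static const char *samples[] = {
        "SSH-2.0-OpenSSH_8.2\r\n",
        "banner line\r\nSSH-2.0-x\r\n",
        "GET / HTTP/1.1",
    };
    static const char *names[] = { "ok", "need-more", "bad-first", "too-long" };

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        printf("sample %u: as server=%s, as client=%s\n", (unsigned)i,
               names[classify(samples[i], SERVER_MAX_LEADING)],
               names[classify(samples[i], CLIENT_MAX_LEADING)]);
    }
    return 0;
}
```

With a budget of 0 the third sample is rejected on its first bytes, before any newline arrives, which is the "fail early" behaviour the message asks for on the server side.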
rev   line source
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1 /*
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
2 * Dropbear - a SSH2 server
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
3 *
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
4 * Copyright (c) 2002,2003 Matt Johnston
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
5 * All rights reserved.
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
6 *
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
7 * Permission is hereby granted, free of charge, to any person obtaining a copy
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
8 * of this software and associated documentation files (the "Software"), to deal
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
9 * in the Software without restriction, including without limitation the rights
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
10 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
11 * copies of the Software, and to permit persons to whom the Software is
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
12 * furnished to do so, subject to the following conditions:
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
13 *
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
14 * The above copyright notice and this permission notice shall be included in
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
15 * all copies or substantial portions of the Software.
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
16 *
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
17 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
18 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
19 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
20 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
21 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
22 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
23 * SOFTWARE. */
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
24
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
25 #include "includes.h"
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
26 #include "runopts.h"
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
27 #include "signkey.h"
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
28 #include "buffer.h"
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
29 #include "dbutil.h"
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
30 #include "algo.h"
795
7f604f9b3756 ecdsa is working
Matt Johnston <matt@ucc.asn.au>
parents: 716
diff changeset
31 #include "ecdsa.h"
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
32
1534
ed930fd6f60f Added the -G option to allow logins only for users that are members of a certain group. This allows finer control of an instance on who can and cannot login over a certain instance (e.g. password and not key). Needs double-checking and ensuring it meets platform requirements.
stellarpower <stellarpower@googlemail.com>
parents: 1499
diff changeset
33 #include <grp.h>
ed930fd6f60f Added the -G option to allow logins only for users that are members of a certain group. This allows finer control of an instance on who can and cannot login over a certain instance (e.g. password and not key). Needs double-checking and ensuring it meets platform requirements.
stellarpower <stellarpower@googlemail.com>
parents: 1499
diff changeset
34
24
469950e86d0f switching to global vars
Matt Johnston <matt@ucc.asn.au>
parents: 4
diff changeset
35 svr_runopts svr_opts; /* GLOBAL */
469950e86d0f switching to global vars
Matt Johnston <matt@ucc.asn.au>
parents: 4
diff changeset
36
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
37 static void printhelp(const char * progname);
1197
86a9e0204c03 ports and addresses must be malloced to avoid segfault on exit
Matt Johnston <matt@ucc.asn.au>
parents: 1177
diff changeset
38 static void addportandaddress(const char* spec);
795
7f604f9b3756 ecdsa is working
Matt Johnston <matt@ucc.asn.au>
parents: 716
diff changeset
39 static void loadhostkey(const char *keyfile, int fatal_duplicate);
7f604f9b3756 ecdsa is working
Matt Johnston <matt@ucc.asn.au>
parents: 716
diff changeset
40 static void addhostkey(const char *keyfile);
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
41
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
42 static void printhelp(const char * progname) {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
43
716
af4ef98b8591 Add URL to usage text
Matt Johnston <matt@ucc.asn.au>
parents: 706
diff changeset
44 fprintf(stderr, "Dropbear server v%s https://matt.ucc.asn.au/dropbear/dropbear.html\n"
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
45 "Usage: %s [options]\n"
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
46 "-b bannerfile Display the contents of bannerfile"
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
47 " before user login\n"
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
48 " (default: none)\n"
1653
76189c9ffea2 External Public-Key Authentication API (#72)
fabriziobertocci <fabriziobertocci@gmail.com>
parents: 1603
diff changeset
49 "-r keyfile Specify hostkeys (repeatable)\n"
847
f4bb964c8678 Add '-R' for delayed hostkey option
Matt Johnston <matt@ucc.asn.au>
parents: 846
diff changeset
50 " defaults: \n"
1295
750ec4ec4cbe Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents: 1290
diff changeset
51 #if DROPBEAR_DSS
1653
76189c9ffea2 External Public-Key Authentication API (#72)
fabriziobertocci <fabriziobertocci@gmail.com>
parents: 1603
diff changeset
52 " - dss %s\n"
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
53 #endif
1295
750ec4ec4cbe Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents: 1290
diff changeset
54 #if DROPBEAR_RSA
1653
76189c9ffea2 External Public-Key Authentication API (#72)
fabriziobertocci <fabriziobertocci@gmail.com>
parents: 1603
diff changeset
55 " - rsa %s\n"
847
f4bb964c8678 Add '-R' for delayed hostkey option
Matt Johnston <matt@ucc.asn.au>
parents: 846
diff changeset
56 #endif
1295
750ec4ec4cbe Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents: 1290
diff changeset
57 #if DROPBEAR_ECDSA
1653
76189c9ffea2 External Public-Key Authentication API (#72)
fabriziobertocci <fabriziobertocci@gmail.com>
parents: 1603
diff changeset
58 " - ecdsa %s\n"
847
f4bb964c8678 Add '-R' for delayed hostkey option
Matt Johnston <matt@ucc.asn.au>
parents: 846
diff changeset
59 #endif
1659
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1654
diff changeset
60 #if DROPBEAR_ED25519
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1654
diff changeset
61 " - ed25519 %s\n"
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1654
diff changeset
62 #endif
1295
750ec4ec4cbe Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents: 1290
diff changeset
63 #if DROPBEAR_DELAY_HOSTKEY
847
f4bb964c8678 Add '-R' for delayed hostkey option
Matt Johnston <matt@ucc.asn.au>
parents: 846
diff changeset
64 "-R Create hostkeys as required\n"
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
65 #endif
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
66 "-F Don't fork into background\n"
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
67 #ifdef DISABLE_SYSLOG
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
68 "(Syslog support not compiled in, using stderr)\n"
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
69 #else
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
70 "-E Log to stderr rather than syslog\n"
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
71 #endif
1499
2d450c1056e3 options: Complete the transition to numeric toggles (`#if')
Michael Witten <mfwitten@gmail.com>
parents: 1445
diff changeset
72 #if DO_MOTD
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
73 "-m Don't display the motd on login\n"
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
74 #endif
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
75 "-w Disallow root logins\n"
1551
1acbdf64088e add guard HAVE_GETGROUPLIST
Matt Johnston <matt@ucc.asn.au>
parents: 1538
diff changeset
76 #ifdef HAVE_GETGROUPLIST
1537
6a83b1944432 Fix restricted group code for BSDs, move to separate function
Matt Johnston <matt@ucc.asn.au>
parents: 1535
diff changeset
77 "-G Restrict logins to members of specified group\n"
1551
1acbdf64088e add guard HAVE_GETGROUPLIST
Matt Johnston <matt@ucc.asn.au>
parents: 1538
diff changeset
78 #endif
1295
750ec4ec4cbe Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents: 1290
diff changeset
79 #if DROPBEAR_SVR_PASSWORD_AUTH || DROPBEAR_SVR_PAM_AUTH
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
80 "-s Disable password logins\n"
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
81 "-g Disable password logins for root\n"
692
c58a15983808 Allow configuring "allow blank password option" at runtime
Paul Eggleton <paul.eggleton@linux.intel.com>
parents: 671
diff changeset
82 "-B Allow blank password logins\n"
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
83 #endif
1445
a3a96dbf9a58 Use MAX_AUTH_TRIES rather than DEFAULT_AUTH_TRIES, don't limit argument range
Matt Johnston <matt@ucc.asn.au>
parents: 1442
diff changeset
84 "-T Maximum authentication tries (default %d)\n"
1295
750ec4ec4cbe Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents: 1290
diff changeset
85 #if DROPBEAR_SVR_LOCALTCPFWD
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
86 "-j Disable local port forwarding\n"
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
87 #endif
1295
750ec4ec4cbe Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents: 1290
diff changeset
88 #if DROPBEAR_SVR_REMOTETCPFWD
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
89 "-k Disable remote port forwarding\n"
258
306499676384 * add -g (dbclient) and -a (dropbear) options for allowing non-local
Matt Johnston <matt@ucc.asn.au>
parents: 165
diff changeset
90 "-a Allow connections to forwarded ports from any host\n"
1289
a23386821e9f Add -c <command> option to force a specific command
Jeremy Kerr <jk@ozlabs.org>
parents: 1210
diff changeset
91 "-c command Force executed command\n"
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
92 #endif
434
0aaaf68e97dc Add -p [address:]port option for binding to addresses, patch from
Matt Johnston <matt@ucc.asn.au>
parents: 271
diff changeset
93 "-p [address:]port\n"
0aaaf68e97dc Add -p [address:]port option for binding to addresses, patch from
Matt Johnston <matt@ucc.asn.au>
parents: 271
diff changeset
94 " Listen on specified tcp port (and optionally address),\n"
0aaaf68e97dc Add -p [address:]port option for binding to addresses, patch from
Matt Johnston <matt@ucc.asn.au>
parents: 271
diff changeset
95 " up to %d can be specified\n"
0aaaf68e97dc Add -p [address:]port option for binding to addresses, patch from
Matt Johnston <matt@ucc.asn.au>
parents: 271
diff changeset
96 " (default port is %s if none specified)\n"
323
3bfbe95f9a14 Add -P pidfile patch from Swen Schillig
Matt Johnston <matt@ucc.asn.au>
parents: 271
diff changeset
97 "-P PidFile Create pid file PidFile\n"
3bfbe95f9a14 Add -P pidfile patch from Swen Schillig
Matt Johnston <matt@ucc.asn.au>
parents: 271
diff changeset
98 " (default %s)\n"
1499
2d450c1056e3 options: Complete the transition to numeric toggles (`#if')
Michael Witten <mfwitten@gmail.com>
parents: 1445
diff changeset
99 #if INETD_MODE
71
ac96bc733e71 adding inetd mode back from 0.43
Matt Johnston <matt@ucc.asn.au>
parents: 68
diff changeset
100 "-i Start for inetd\n"
ac96bc733e71 adding inetd mode back from 0.43
Matt Johnston <matt@ucc.asn.au>
parents: 68
diff changeset
101 #endif
454
7e43f5e473b9 - Add -K keepalive flag for dropbear and dbclient
Matt Johnston <matt@ucc.asn.au>
parents: 449
diff changeset
102 "-W <receive_window_buffer> (default %d, larger may be faster, max 1MB)\n"
622
e27d7fb23376 Mention that the value is in seconds
Matt Johnston <matt@ucc.asn.au>
parents: 594
diff changeset
103 "-K <keepalive> (0 is never, default %d, in seconds)\n"
e27d7fb23376 Mention that the value is in seconds
Matt Johnston <matt@ucc.asn.au>
parents: 594
diff changeset
104 "-I <idle_timeout> (0 is never, default %d, in seconds)\n"
1654
cc0fc5131c5c Rename EPKA -> Plugin
Matt Johnston <matt@ucc.asn.au>
parents: 1653
diff changeset
105 #if DROPBEAR_PLUGIN
1653
76189c9ffea2 External Public-Key Authentication API (#72)
fabriziobertocci <fabriziobertocci@gmail.com>
parents: 1603
diff changeset
106 "-A <authplugin>[,<options>]\n"
76189c9ffea2 External Public-Key Authentication API (#72)
fabriziobertocci <fabriziobertocci@gmail.com>
parents: 1603
diff changeset
107 " Enable external public key auth through <authplugin>\n"
76189c9ffea2 External Public-Key Authentication API (#72)
fabriziobertocci <fabriziobertocci@gmail.com>
parents: 1603
diff changeset
108 #endif
946
17d874ae93a1 Add '-V' for version
Matt Johnston <matt@ucc.asn.au>
parents: 876
diff changeset
109 "-V Version\n"
1295
750ec4ec4cbe Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents: 1290
diff changeset
110 #if DEBUG_TRACE
510
b85507ade010 - Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents: 492
diff changeset
111 "-v verbose (compiled with DEBUG_TRACE)\n"
94
c85c88500ea6 DEBUG_TRACE now only triggers with -v on the cmdline
Matt Johnston <matt@ucc.asn.au>
parents: 91
diff changeset
112 #endif
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
113 ,DROPBEAR_VERSION, progname,
1295
750ec4ec4cbe Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents: 1290
diff changeset
114 #if DROPBEAR_DSS
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
115 DSS_PRIV_FILENAME,
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
116 #endif
1295
750ec4ec4cbe Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents: 1290
diff changeset
117 #if DROPBEAR_RSA
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
118 RSA_PRIV_FILENAME,
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
119 #endif
1295
750ec4ec4cbe Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents: 1290
diff changeset
120 #if DROPBEAR_ECDSA
847
f4bb964c8678 Add '-R' for delayed hostkey option
Matt Johnston <matt@ucc.asn.au>
parents: 846
diff changeset
121 ECDSA_PRIV_FILENAME,
f4bb964c8678 Add '-R' for delayed hostkey option
Matt Johnston <matt@ucc.asn.au>
parents: 846
diff changeset
122 #endif
1659
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1654
diff changeset
123 #if DROPBEAR_ED25519
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1654
diff changeset
124 ED25519_PRIV_FILENAME,
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1654
diff changeset
125 #endif
1445
a3a96dbf9a58 Use MAX_AUTH_TRIES rather than DEFAULT_AUTH_TRIES, don't limit argument range
Matt Johnston <matt@ucc.asn.au>
parents: 1442
diff changeset
126 MAX_AUTH_TRIES,
454
7e43f5e473b9 - Add -K keepalive flag for dropbear and dbclient
Matt Johnston <matt@ucc.asn.au>
parents: 449
diff changeset
127 DROPBEAR_MAX_PORTS, DROPBEAR_DEFPORT, DROPBEAR_PIDFILE,
513
a3748e54273c Idle timeout patch from Farrell Aultman. Needs testing, unsure if server
Matt Johnston <matt@ucc.asn.au>
parents: 510
diff changeset
128 DEFAULT_RECV_WINDOW, DEFAULT_KEEPALIVE, DEFAULT_IDLE_TIMEOUT);
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
129 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
130
24
469950e86d0f switching to global vars
Matt Johnston <matt@ucc.asn.au>
parents: 4
diff changeset
131 void svr_getopts(int argc, char ** argv) {
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
132
1164
8b6cba298768 Enable bundling
Guilhem Moulin <guilhem@fripost.org>
parents: 1160
diff changeset
133 unsigned int i, j;
1404
e8f67918fdc9 when pointer, use NULL instead of 0
Francois Perrad <francois.perrad@gadz.org>
parents: 1295
diff changeset
134 char ** next = NULL;
434
0aaaf68e97dc Add -p [address:]port option for binding to addresses, patch from
Matt Johnston <matt@ucc.asn.au>
parents: 271
diff changeset
135 int nextisport = 0;
454
7e43f5e473b9 - Add -K keepalive flag for dropbear and dbclient
Matt Johnston <matt@ucc.asn.au>
parents: 449
diff changeset
136 char* recv_window_arg = NULL;
7e43f5e473b9 - Add -K keepalive flag for dropbear and dbclient
Matt Johnston <matt@ucc.asn.au>
parents: 449
diff changeset
137 char* keepalive_arg = NULL;
513
a3748e54273c Idle timeout patch from Farrell Aultman. Needs testing, unsure if server
Matt Johnston <matt@ucc.asn.au>
parents: 510
diff changeset
138 char* idle_timeout_arg = NULL;
1442
517c67cbcd31 dropbear server: support -T max auth tries
Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
parents: 1404
diff changeset
139 char* maxauthtries_arg = NULL;
795
7f604f9b3756 ecdsa is working
Matt Johnston <matt@ucc.asn.au>
parents: 716
diff changeset
140 char* keyfile = NULL;
1164
8b6cba298768 Enable bundling
Guilhem Moulin <guilhem@fripost.org>
parents: 1160
diff changeset
141 char c;
1654
cc0fc5131c5c Rename EPKA -> Plugin
Matt Johnston <matt@ucc.asn.au>
parents: 1653
diff changeset
142 #if DROPBEAR_PLUGIN
1653
76189c9ffea2 External Public-Key Authentication API (#72)
fabriziobertocci <fabriziobertocci@gmail.com>
parents: 1603
diff changeset
143 char* pubkey_plugin = NULL;
76189c9ffea2 External Public-Key Authentication API (#72)
fabriziobertocci <fabriziobertocci@gmail.com>
parents: 1603
diff changeset
144 #endif
795
7f604f9b3756 ecdsa is working
Matt Johnston <matt@ucc.asn.au>
parents: 716
diff changeset
145
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
146
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
147 /* see printhelp() for options */
24
469950e86d0f switching to global vars
Matt Johnston <matt@ucc.asn.au>
parents: 4
diff changeset
148 svr_opts.bannerfile = NULL;
469950e86d0f switching to global vars
Matt Johnston <matt@ucc.asn.au>
parents: 4
diff changeset
149 svr_opts.banner = NULL;
1289
a23386821e9f Add -c <command> option to force a specific command
Jeremy Kerr <jk@ozlabs.org>
parents: 1210
diff changeset
150 svr_opts.forced_command = NULL;
24
469950e86d0f switching to global vars
Matt Johnston <matt@ucc.asn.au>
parents: 4
diff changeset
151 svr_opts.forkbg = 1;
469950e86d0f switching to global vars
Matt Johnston <matt@ucc.asn.au>
parents: 4
diff changeset
152 svr_opts.norootlogin = 0;
1551
1acbdf64088e add guard HAVE_GETGROUPLIST
Matt Johnston <matt@ucc.asn.au>
parents: 1538
diff changeset
153 #ifdef HAVE_GETGROUPLIST
1537
6a83b1944432 Fix restricted group code for BSDs, move to separate function
Matt Johnston <matt@ucc.asn.au>
parents: 1535
diff changeset
154 svr_opts.restrict_group = NULL;
6a83b1944432 Fix restricted group code for BSDs, move to separate function
Matt Johnston <matt@ucc.asn.au>
parents: 1535
diff changeset
155 svr_opts.restrict_group_gid = 0;
1551
1acbdf64088e add guard HAVE_GETGROUPLIST
Matt Johnston <matt@ucc.asn.au>
parents: 1538
diff changeset
156 #endif
24
469950e86d0f switching to global vars
Matt Johnston <matt@ucc.asn.au>
parents: 4
diff changeset
157 svr_opts.noauthpass = 0;
469950e86d0f switching to global vars
Matt Johnston <matt@ucc.asn.au>
parents: 4
diff changeset
158 svr_opts.norootpass = 0;
692
c58a15983808 Allow configuring "allow blank password option" at runtime
Paul Eggleton <paul.eggleton@linux.intel.com>
parents: 671
diff changeset
159 svr_opts.allowblankpass = 0;
1445
a3a96dbf9a58 Use MAX_AUTH_TRIES rather than DEFAULT_AUTH_TRIES, don't limit argument range
Matt Johnston <matt@ucc.asn.au>
parents: 1442
diff changeset
160 svr_opts.maxauthtries = MAX_AUTH_TRIES;
71
ac96bc733e71 adding inetd mode back from 0.43
Matt Johnston <matt@ucc.asn.au>
parents: 68
diff changeset
161 svr_opts.inetdmode = 0;
101
72dc22f56858 Change the way we load keys/ports so we don't print error messages into our
Matt Johnston <matt@ucc.asn.au>
parents: 94
diff changeset
162 svr_opts.portcount = 0;
72dc22f56858 Change the way we load keys/ports so we don't print error messages into our
Matt Johnston <matt@ucc.asn.au>
parents: 94
diff changeset
163 svr_opts.hostkey = NULL;
847
f4bb964c8678 Add '-R' for delayed hostkey option
Matt Johnston <matt@ucc.asn.au>
parents: 846
diff changeset
164 svr_opts.delay_hostkey = 0;
323
3bfbe95f9a14 Add -P pidfile patch from Swen Schillig
Matt Johnston <matt@ucc.asn.au>
parents: 271
diff changeset
165 svr_opts.pidfile = DROPBEAR_PIDFILE;
1295
750ec4ec4cbe Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents: 1290
diff changeset
166 #if DROPBEAR_SVR_LOCALTCPFWD
258
306499676384 * add -g (dbclient) and -a (dropbear) options for allowing non-local
Matt Johnston <matt@ucc.asn.au>
parents: 165
diff changeset
167 svr_opts.nolocaltcp = 0;
271
be18c7dd486e Fix up #ifdefs for tcp forwarding
Matt Johnston <matt@ucc.asn.au>
parents: 258
diff changeset
168 #endif
1295
750ec4ec4cbe Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents: 1290
diff changeset
169 #if DROPBEAR_SVR_REMOTETCPFWD
258
306499676384 * add -g (dbclient) and -a (dropbear) options for allowing non-local
Matt Johnston <matt@ucc.asn.au>
parents: 165
diff changeset
170 svr_opts.noremotetcp = 0;
271
be18c7dd486e Fix up #ifdefs for tcp forwarding
Matt Johnston <matt@ucc.asn.au>
parents: 258
diff changeset
171 #endif
1654
cc0fc5131c5c Rename EPKA -> Plugin
Matt Johnston <matt@ucc.asn.au>
parents: 1653
diff changeset
172 #if DROPBEAR_PLUGIN
1653
76189c9ffea2 External Public-Key Authentication API (#72)
fabriziobertocci <fabriziobertocci@gmail.com>
parents: 1603
diff changeset
173 svr_opts.pubkey_plugin = NULL;
76189c9ffea2 External Public-Key Authentication API (#72)
fabriziobertocci <fabriziobertocci@gmail.com>
parents: 1603
diff changeset
174 svr_opts.pubkey_plugin_options = NULL;
76189c9ffea2 External Public-Key Authentication API (#72)
fabriziobertocci <fabriziobertocci@gmail.com>
parents: 1603
diff changeset
175 #endif
996
47643024fc90 Disable non-delayed zlib for server
Matt Johnston <matt@ucc.asn.au>
parents: 976
diff changeset
176
575
f9b5dc0cba61 - Disable compression for non-final multihops
Matt Johnston <matt@ucc.asn.au>
parents: 568
diff changeset
177 #ifndef DISABLE_ZLIB
996
47643024fc90 Disable non-delayed zlib for server
Matt Johnston <matt@ucc.asn.au>
parents: 976
diff changeset
178 opts.compress_mode = DROPBEAR_COMPRESS_DELAYED;
47643024fc90 Disable non-delayed zlib for server
Matt Johnston <matt@ucc.asn.au>
parents: 976
diff changeset
179 #endif
47643024fc90 Disable non-delayed zlib for server
Matt Johnston <matt@ucc.asn.au>
parents: 976
diff changeset
180
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
181 /* not yet
33
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents: 24
diff changeset
182 opts.ipv4 = 1;
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents: 24
diff changeset
183 opts.ipv6 = 1;
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
184 */
1499
2d450c1056e3 options: Complete the transition to numeric toggles (`#if')
Michael Witten <mfwitten@gmail.com>
parents: 1445
diff changeset
185 #if DO_MOTD
24
469950e86d0f switching to global vars
Matt Johnston <matt@ucc.asn.au>
parents: 4
diff changeset
186 svr_opts.domotd = 1;
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
187 #endif
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
188 #ifndef DISABLE_SYSLOG
1210
64a50eac1030 Moved usingsyslog from svr_runopts to runopts.
Konstantin Tokarev <ktokarev@smartlabs.tv>
parents: 1197
diff changeset
189 opts.usingsyslog = 1;
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
190 #endif
449
3e6c536bc023 Add -W <windowsize> argument and document it.
Matt Johnston <matt@ucc.asn.au>
parents: 446
diff changeset
191 opts.recv_window = DEFAULT_RECV_WINDOW;
513
a3748e54273c Idle timeout patch from Farrell Aultman. Needs testing, unsure if server
Matt Johnston <matt@ucc.asn.au>
parents: 510
diff changeset
192 opts.keepalive_secs = DEFAULT_KEEPALIVE;
a3748e54273c Idle timeout patch from Farrell Aultman. Needs testing, unsure if server
Matt Johnston <matt@ucc.asn.au>
parents: 510
diff changeset
193 opts.idle_timeout_secs = DEFAULT_IDLE_TIMEOUT;
454
7e43f5e473b9 - Add -K keepalive flag for dropbear and dbclient
Matt Johnston <matt@ucc.asn.au>
parents: 449
diff changeset
194
1295
750ec4ec4cbe Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents: 1290
diff changeset
195 #if DROPBEAR_SVR_REMOTETCPFWD
258
306499676384 * add -g (dbclient) and -a (dropbear) options for allowing non-local
Matt Johnston <matt@ucc.asn.au>
parents: 165
diff changeset
196 opts.listen_fwd_all = 0;
306499676384 * add -g (dbclient) and -a (dropbear) options for allowing non-local
Matt Johnston <matt@ucc.asn.au>
parents: 165
diff changeset
197 #endif
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
198
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
199 for (i = 1; i < (unsigned int)argc; i++) {
1164
8b6cba298768 Enable bundling
Guilhem Moulin <guilhem@fripost.org>
parents: 1160
diff changeset
200 if (argv[i][0] != '-' || argv[i][1] == '\0')
8b6cba298768 Enable bundling
Guilhem Moulin <guilhem@fripost.org>
parents: 1160
diff changeset
201 dropbear_exit("Invalid argument: %s", argv[i]);
795
7f604f9b3756 ecdsa is working
Matt Johnston <matt@ucc.asn.au>
parents: 716
diff changeset
202
1164
8b6cba298768 Enable bundling
Guilhem Moulin <guilhem@fripost.org>
parents: 1160
diff changeset
203 for (j = 1; (c = argv[i][j]) != '\0' && !next && !nextisport; j++) {
1153
67d8a904f5a9 don't silently ignore extra flag arguments
Matt Johnston <matt@ucc.asn.au>
parents: 996
diff changeset
204 switch (c) {
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
205 case 'b':
24
469950e86d0f switching to global vars
Matt Johnston <matt@ucc.asn.au>
parents: 4
206 next = &svr_opts.bannerfile;
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
207 break;
1289
a23386821e9f Add -c <command> option to force a specific command
Jeremy Kerr <jk@ozlabs.org>
parents: 1210
208 case 'c':
a23386821e9f Add -c <command> option to force a specific command
Jeremy Kerr <jk@ozlabs.org>
parents: 1210
209 next = &svr_opts.forced_command;
a23386821e9f Add -c <command> option to force a specific command
Jeremy Kerr <jk@ozlabs.org>
parents: 1210
210 break;
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
211 case 'd':
795
7f604f9b3756 ecdsa is working
Matt Johnston <matt@ucc.asn.au>
parents: 716
212 case 'r':
7f604f9b3756 ecdsa is working
Matt Johnston <matt@ucc.asn.au>
parents: 716
213 next = &keyfile;
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
214 break;
847
f4bb964c8678 Add '-R' for delayed hostkey option
Matt Johnston <matt@ucc.asn.au>
parents: 846
215 case 'R':
f4bb964c8678 Add '-R' for delayed hostkey option
Matt Johnston <matt@ucc.asn.au>
parents: 846
216 svr_opts.delay_hostkey = 1;
f4bb964c8678 Add '-R' for delayed hostkey option
Matt Johnston <matt@ucc.asn.au>
parents: 846
217 break;
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
218 case 'F':
24
469950e86d0f switching to global vars
Matt Johnston <matt@ucc.asn.au>
parents: 4
219 svr_opts.forkbg = 0;
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
220 break;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
221 #ifndef DISABLE_SYSLOG
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
222 case 'E':
1210
64a50eac1030 Moved usingsyslog from svr_runopts to runopts.
Konstantin Tokarev <ktokarev@smartlabs.tv>
parents: 1197
223 opts.usingsyslog = 0;
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
224 break;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
225 #endif
1295
750ec4ec4cbe Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents: 1290
226 #if DROPBEAR_SVR_LOCALTCPFWD
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
227 case 'j':
258
306499676384 * add -g (dbclient) and -a (dropbear) options for allowing non-local
Matt Johnston <matt@ucc.asn.au>
parents: 165
228 svr_opts.nolocaltcp = 1;
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
229 break;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
230 #endif
1295
750ec4ec4cbe Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents: 1290
231 #if DROPBEAR_SVR_REMOTETCPFWD
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
232 case 'k':
258
306499676384 * add -g (dbclient) and -a (dropbear) options for allowing non-local
Matt Johnston <matt@ucc.asn.au>
parents: 165
233 svr_opts.noremotetcp = 1;
306499676384 * add -g (dbclient) and -a (dropbear) options for allowing non-local
Matt Johnston <matt@ucc.asn.au>
parents: 165
234 break;
306499676384 * add -g (dbclient) and -a (dropbear) options for allowing non-local
Matt Johnston <matt@ucc.asn.au>
parents: 165
235 case 'a':
306499676384 * add -g (dbclient) and -a (dropbear) options for allowing non-local
Matt Johnston <matt@ucc.asn.au>
parents: 165
236 opts.listen_fwd_all = 1;
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
237 break;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
238 #endif
1499
2d450c1056e3 options: Complete the transition to numeric toggles (`#if')
Michael Witten <mfwitten@gmail.com>
parents: 1445
239 #if INETD_MODE
71
ac96bc733e71 adding inetd mode back from 0.43
Matt Johnston <matt@ucc.asn.au>
parents: 68
240 case 'i':
ac96bc733e71 adding inetd mode back from 0.43
Matt Johnston <matt@ucc.asn.au>
parents: 68
241 svr_opts.inetdmode = 1;
ac96bc733e71 adding inetd mode back from 0.43
Matt Johnston <matt@ucc.asn.au>
parents: 68
242 break;
ac96bc733e71 adding inetd mode back from 0.43
Matt Johnston <matt@ucc.asn.au>
parents: 68
243 #endif
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
244 case 'p':
434
0aaaf68e97dc Add -p [address:]port option for binding to addresses, patch from
Matt Johnston <matt@ucc.asn.au>
parents: 271
245 nextisport = 1;
0aaaf68e97dc Add -p [address:]port option for binding to addresses, patch from
Matt Johnston <matt@ucc.asn.au>
parents: 271
246 break;
323
3bfbe95f9a14 Add -P pidfile patch from Swen Schillig
Matt Johnston <matt@ucc.asn.au>
parents: 271
247 case 'P':
3bfbe95f9a14 Add -P pidfile patch from Swen Schillig
Matt Johnston <matt@ucc.asn.au>
parents: 271
248 next = &svr_opts.pidfile;
3bfbe95f9a14 Add -P pidfile patch from Swen Schillig
Matt Johnston <matt@ucc.asn.au>
parents: 271
249 break;
1499
2d450c1056e3 options: Complete the transition to numeric toggles (`#if')
Michael Witten <mfwitten@gmail.com>
parents: 1445
250 #if DO_MOTD
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
251 /* motd is displayed by default, -m turns it off */
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
252 case 'm':
24
469950e86d0f switching to global vars
Matt Johnston <matt@ucc.asn.au>
parents: 4
253 svr_opts.domotd = 0;
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
254 break;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
255 #endif
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
256 case 'w':
24
469950e86d0f switching to global vars
Matt Johnston <matt@ucc.asn.au>
parents: 4
257 svr_opts.norootlogin = 1;
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
258 break;
1551
1acbdf64088e add guard HAVE_GETGROUPLIST
Matt Johnston <matt@ucc.asn.au>
parents: 1538
259 #ifdef HAVE_GETGROUPLIST
1537
6a83b1944432 Fix restricted group code for BSDs, move to separate function
Matt Johnston <matt@ucc.asn.au>
parents: 1535
260 case 'G':
6a83b1944432 Fix restricted group code for BSDs, move to separate function
Matt Johnston <matt@ucc.asn.au>
parents: 1535
261 next = &svr_opts.restrict_group;
6a83b1944432 Fix restricted group code for BSDs, move to separate function
Matt Johnston <matt@ucc.asn.au>
parents: 1535
262 break;
1551
1acbdf64088e add guard HAVE_GETGROUPLIST
Matt Johnston <matt@ucc.asn.au>
parents: 1538
263 #endif
449
3e6c536bc023 Add -W <windowsize> argument and document it.
Matt Johnston <matt@ucc.asn.au>
parents: 446
264 case 'W':
3e6c536bc023 Add -W <windowsize> argument and document it.
Matt Johnston <matt@ucc.asn.au>
parents: 446
265 next = &recv_window_arg;
3e6c536bc023 Add -W <windowsize> argument and document it.
Matt Johnston <matt@ucc.asn.au>
parents: 446
266 break;
454
7e43f5e473b9 - Add -K keepalive flag for dropbear and dbclient
Matt Johnston <matt@ucc.asn.au>
parents: 449
267 case 'K':
7e43f5e473b9 - Add -K keepalive flag for dropbear and dbclient
Matt Johnston <matt@ucc.asn.au>
parents: 449
268 next = &keepalive_arg;
7e43f5e473b9 - Add -K keepalive flag for dropbear and dbclient
Matt Johnston <matt@ucc.asn.au>
parents: 449
269 break;
513
a3748e54273c Idle timeout patch from Farrell Aultman. Needs testing, unsure if server
Matt Johnston <matt@ucc.asn.au>
parents: 510
270 case 'I':
a3748e54273c Idle timeout patch from Farrell Aultman. Needs testing, unsure if server
Matt Johnston <matt@ucc.asn.au>
parents: 510
271 next = &idle_timeout_arg;
a3748e54273c Idle timeout patch from Farrell Aultman. Needs testing, unsure if server
Matt Johnston <matt@ucc.asn.au>
parents: 510
272 break;
1442
517c67cbcd31 dropbear server: support -T max auth tries
Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
parents: 1404
273 case 'T':
517c67cbcd31 dropbear server: support -T max auth tries
Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
parents: 1404
274 next = &maxauthtries_arg;
517c67cbcd31 dropbear server: support -T max auth tries
Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
parents: 1404
275 break;
1295
750ec4ec4cbe Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents: 1290
276 #if DROPBEAR_SVR_PASSWORD_AUTH || DROPBEAR_SVR_PAM_AUTH
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
277 case 's':
24
469950e86d0f switching to global vars
Matt Johnston <matt@ucc.asn.au>
parents: 4
278 svr_opts.noauthpass = 1;
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
279 break;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
280 case 'g':
24
469950e86d0f switching to global vars
Matt Johnston <matt@ucc.asn.au>
parents: 4
281 svr_opts.norootpass = 1;
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
282 break;
692
c58a15983808 Allow configuring "allow blank password option" at runtime
Paul Eggleton <paul.eggleton@linux.intel.com>
parents: 671
283 case 'B':
c58a15983808 Allow configuring "allow blank password option" at runtime
Paul Eggleton <paul.eggleton@linux.intel.com>
parents: 671
284 svr_opts.allowblankpass = 1;
c58a15983808 Allow configuring "allow blank password option" at runtime
Paul Eggleton <paul.eggleton@linux.intel.com>
parents: 671
285 break;
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
286 #endif
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
287 case 'h':
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
288 printhelp(argv[0]);
946
17d874ae93a1 Add '-V' for version
Matt Johnston <matt@ucc.asn.au>
parents: 876
289 exit(EXIT_SUCCESS);
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
290 break;
442
d82a2a44c684 Add -u option to specify /dev/urandom instead
Matt Johnston <matt@ucc.asn.au>
parents: 435
291 case 'u':
446
2cd2edfa11ee Just use /dev/urandom since that's what everyone ends up using anyway.
Matt Johnston <matt@ucc.asn.au>
parents: 442
292 /* backwards compatibility with old urandom option */
442
d82a2a44c684 Add -u option to specify /dev/urandom instead
Matt Johnston <matt@ucc.asn.au>
parents: 435
293 break;
1654
cc0fc5131c5c Rename EPKA -> Plugin
Matt Johnston <matt@ucc.asn.au>
parents: 1653
294 #if DROPBEAR_PLUGIN
1653
76189c9ffea2 External Public-Key Authentication API (#72)
fabriziobertocci <fabriziobertocci@gmail.com>
parents: 1603
295 case 'A':
76189c9ffea2 External Public-Key Authentication API (#72)
fabriziobertocci <fabriziobertocci@gmail.com>
parents: 1603
296 next = &pubkey_plugin;
76189c9ffea2 External Public-Key Authentication API (#72)
fabriziobertocci <fabriziobertocci@gmail.com>
parents: 1603
297 break;
76189c9ffea2 External Public-Key Authentication API (#72)
fabriziobertocci <fabriziobertocci@gmail.com>
parents: 1603
298 #endif
1295
750ec4ec4cbe Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents: 1290
299 #if DEBUG_TRACE
94
c85c88500ea6 DEBUG_TRACE now only triggers with -v on the cmdline
Matt Johnston <matt@ucc.asn.au>
parents: 91
300 case 'v':
c85c88500ea6 DEBUG_TRACE now only triggers with -v on the cmdline
Matt Johnston <matt@ucc.asn.au>
parents: 91
301 debug_trace = 1;
c85c88500ea6 DEBUG_TRACE now only triggers with -v on the cmdline
Matt Johnston <matt@ucc.asn.au>
parents: 91
302 break;
c85c88500ea6 DEBUG_TRACE now only triggers with -v on the cmdline
Matt Johnston <matt@ucc.asn.au>
parents: 91
303 #endif
946
17d874ae93a1 Add '-V' for version
Matt Johnston <matt@ucc.asn.au>
parents: 876
304 case 'V':
948
f92eb625c48d - Don't use multichar constants since recent gcc complains
Matt Johnston <matt@ucc.asn.au>
parents: 946
305 print_version();
946
17d874ae93a1 Add '-V' for version
Matt Johnston <matt@ucc.asn.au>
parents: 876
306 exit(EXIT_SUCCESS);
17d874ae93a1 Add '-V' for version
Matt Johnston <matt@ucc.asn.au>
parents: 876
307 break;
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
308 default:
1164
8b6cba298768 Enable bundling
Guilhem Moulin <guilhem@fripost.org>
parents: 1160
309 fprintf(stderr, "Invalid option -%c\n", c);
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
310 printhelp(argv[0]);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
311 exit(EXIT_FAILURE);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
312 break;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
313 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
314 }
1164
8b6cba298768 Enable bundling
Guilhem Moulin <guilhem@fripost.org>
parents: 1160
315
8b6cba298768 Enable bundling
Guilhem Moulin <guilhem@fripost.org>
parents: 1160
316 if (!next && !nextisport)
8b6cba298768 Enable bundling
Guilhem Moulin <guilhem@fripost.org>
parents: 1160
317 continue;
8b6cba298768 Enable bundling
Guilhem Moulin <guilhem@fripost.org>
parents: 1160
318
8b6cba298768 Enable bundling
Guilhem Moulin <guilhem@fripost.org>
parents: 1160
319 if (c == '\0') {
8b6cba298768 Enable bundling
Guilhem Moulin <guilhem@fripost.org>
parents: 1160
320 i++;
8b6cba298768 Enable bundling
Guilhem Moulin <guilhem@fripost.org>
parents: 1160
321 j = 0;
8b6cba298768 Enable bundling
Guilhem Moulin <guilhem@fripost.org>
parents: 1160
322 if (!argv[i]) {
8b6cba298768 Enable bundling
Guilhem Moulin <guilhem@fripost.org>
parents: 1160
323 dropbear_exit("Missing argument");
8b6cba298768 Enable bundling
Guilhem Moulin <guilhem@fripost.org>
parents: 1160
324 }
8b6cba298768 Enable bundling
Guilhem Moulin <guilhem@fripost.org>
parents: 1160
325 }
8b6cba298768 Enable bundling
Guilhem Moulin <guilhem@fripost.org>
parents: 1160
326
8b6cba298768 Enable bundling
Guilhem Moulin <guilhem@fripost.org>
parents: 1160
327 if (nextisport) {
8b6cba298768 Enable bundling
Guilhem Moulin <guilhem@fripost.org>
parents: 1160
328 addportandaddress(&argv[i][j]);
8b6cba298768 Enable bundling
Guilhem Moulin <guilhem@fripost.org>
parents: 1160
329 nextisport = 0;
8b6cba298768 Enable bundling
Guilhem Moulin <guilhem@fripost.org>
parents: 1160
330 } else if (next) {
8b6cba298768 Enable bundling
Guilhem Moulin <guilhem@fripost.org>
parents: 1160
331 *next = &argv[i][j];
8b6cba298768 Enable bundling
Guilhem Moulin <guilhem@fripost.org>
parents: 1160
332 if (*next == NULL) {
8b6cba298768 Enable bundling
Guilhem Moulin <guilhem@fripost.org>
parents: 1160
333 dropbear_exit("Invalid null argument");
8b6cba298768 Enable bundling
Guilhem Moulin <guilhem@fripost.org>
parents: 1160
334 }
1404
e8f67918fdc9 when pointer, use NULL instead of 0
Francois Perrad <francois.perrad@gadz.org>
parents: 1295
335 next = NULL;
1164
8b6cba298768 Enable bundling
Guilhem Moulin <guilhem@fripost.org>
parents: 1160
336
8b6cba298768 Enable bundling
Guilhem Moulin <guilhem@fripost.org>
parents: 1160
337 if (keyfile) {
8b6cba298768 Enable bundling
Guilhem Moulin <guilhem@fripost.org>
parents: 1160
338 addhostkey(keyfile);
8b6cba298768 Enable bundling
Guilhem Moulin <guilhem@fripost.org>
parents: 1160
339 keyfile = NULL;
8b6cba298768 Enable bundling
Guilhem Moulin <guilhem@fripost.org>
parents: 1160
340 }
8b6cba298768 Enable bundling
Guilhem Moulin <guilhem@fripost.org>
parents: 1160
341 }
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
342 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
343
101
72dc22f56858 Change the way we load keys/ports so we don't print error messages into our
Matt Johnston <matt@ucc.asn.au>
parents: 94
344 /* Set up listening ports */
72dc22f56858 Change the way we load keys/ports so we don't print error messages into our
Matt Johnston <matt@ucc.asn.au>
parents: 94
345 if (svr_opts.portcount == 0) {
72dc22f56858 Change the way we load keys/ports so we don't print error messages into our
Matt Johnston <matt@ucc.asn.au>
parents: 94
346 svr_opts.ports[0] = m_strdup(DROPBEAR_DEFPORT);
434
0aaaf68e97dc Add -p [address:]port option for binding to addresses, patch from
Matt Johnston <matt@ucc.asn.au>
parents: 271
347 svr_opts.addresses[0] = m_strdup(DROPBEAR_DEFADDRESS);
101
72dc22f56858 Change the way we load keys/ports so we don't print error messages into our
Matt Johnston <matt@ucc.asn.au>
parents: 94
348 svr_opts.portcount = 1;
72dc22f56858 Change the way we load keys/ports so we don't print error messages into our
Matt Johnston <matt@ucc.asn.au>
parents: 94
349 }
513
a3748e54273c Idle timeout patch from Farrell Aultman. Needs testing, unsure if server
Matt Johnston <matt@ucc.asn.au>
parents: 510
350
24
469950e86d0f switching to global vars
Matt Johnston <matt@ucc.asn.au>
parents: 4
351 if (svr_opts.bannerfile) {
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
352 struct stat buf;
24
469950e86d0f switching to global vars
Matt Johnston <matt@ucc.asn.au>
parents: 4
353 if (stat(svr_opts.bannerfile, &buf) != 0) {
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
354 dropbear_exit("Error opening banner file '%s'",
24
469950e86d0f switching to global vars
Matt Johnston <matt@ucc.asn.au>
parents: 4
355 svr_opts.bannerfile);
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
356 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
357
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
358 if (buf.st_size > MAX_BANNER_SIZE) {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
359 dropbear_exit("Banner file too large, max is %d bytes",
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
360 MAX_BANNER_SIZE);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
361 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
362
24
469950e86d0f switching to global vars
Matt Johnston <matt@ucc.asn.au>
parents: 4
363 svr_opts.banner = buf_new(buf.st_size);
469950e86d0f switching to global vars
Matt Johnston <matt@ucc.asn.au>
parents: 4
364 if (buf_readfile(svr_opts.banner, svr_opts.bannerfile)!=DROPBEAR_SUCCESS) {
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
365 dropbear_exit("Error reading banner file '%s'",
24
469950e86d0f switching to global vars
Matt Johnston <matt@ucc.asn.au>
parents: 4
366 svr_opts.bannerfile);
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
367 }
24
469950e86d0f switching to global vars
Matt Johnston <matt@ucc.asn.au>
parents: 4
368 buf_setpos(svr_opts.banner, 0);
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
369 }
1534
ed930fd6f60f Added the -G option to allow logins only for users that are members of a certain group. This allows finer control of an instance on who can and cannot login over a certain instance (e.g. password and not key). Needs double-checking and ensuring it meets platform requirements.
stellarpower <stellarpower@googlemail.com>
parents: 1499
370
1551
1acbdf64088e add guard HAVE_GETGROUPLIST
Matt Johnston <matt@ucc.asn.au>
parents: 1538
371 #ifdef HAVE_GETGROUPLIST
1537
6a83b1944432 Fix restricted group code for BSDs, move to separate function
Matt Johnston <matt@ucc.asn.au>
parents: 1535
372 if (svr_opts.restrict_group) {
6a83b1944432 Fix restricted group code for BSDs, move to separate function
Matt Johnston <matt@ucc.asn.au>
parents: 1535
373 struct group *restrictedgroup = getgrnam(svr_opts.restrict_group);
1534
ed930fd6f60f Added the -G option to allow logins only for users that are members of a certain group. This allows finer control of an instance on who can and cannot login over a certain instance (e.g. password and not key). Needs double-checking and ensuring it meets platform requirements.
stellarpower <stellarpower@googlemail.com>
parents: 1499
374
1537
6a83b1944432 Fix restricted group code for BSDs, move to separate function
Matt Johnston <matt@ucc.asn.au>
parents: 1535
375 if (restrictedgroup){
6a83b1944432 Fix restricted group code for BSDs, move to separate function
Matt Johnston <matt@ucc.asn.au>
parents: 1535
376 svr_opts.restrict_group_gid = restrictedgroup->gr_gid;
6a83b1944432 Fix restricted group code for BSDs, move to separate function
Matt Johnston <matt@ucc.asn.au>
parents: 1535
377 } else {
6a83b1944432 Fix restricted group code for BSDs, move to separate function
Matt Johnston <matt@ucc.asn.au>
parents: 1535
378 dropbear_exit("Cannot restrict logins to group '%s' as the group does not exist", svr_opts.restrict_group);
6a83b1944432 Fix restricted group code for BSDs, move to separate function
Matt Johnston <matt@ucc.asn.au>
parents: 1535
379 }
6a83b1944432 Fix restricted group code for BSDs, move to separate function
Matt Johnston <matt@ucc.asn.au>
parents: 1535
380 }
1551
1acbdf64088e add guard HAVE_GETGROUPLIST
Matt Johnston <matt@ucc.asn.au>
parents: 1538
381 #endif
449
3e6c536bc023 Add -W <windowsize> argument and document it.
Matt Johnston <matt@ucc.asn.au>
parents: 446
382
454
7e43f5e473b9 - Add -K keepalive flag for dropbear and dbclient
Matt Johnston <matt@ucc.asn.au>
parents: 449
383 if (recv_window_arg) {
449
3e6c536bc023 Add -W <windowsize> argument and document it.
Matt Johnston <matt@ucc.asn.au>
parents: 446
384 opts.recv_window = atol(recv_window_arg);
492
b956d6151600 Replace calls to strtoul() with a helper m_str_to_uint()
Matt Johnston <matt@ucc.asn.au>
parents: 454
385 if (opts.recv_window == 0 || opts.recv_window > MAX_RECV_WINDOW) {
449
3e6c536bc023 Add -W <windowsize> argument and document it.
Matt Johnston <matt@ucc.asn.au>
parents: 446
386 dropbear_exit("Bad recv window '%s'", recv_window_arg);
3e6c536bc023 Add -W <windowsize> argument and document it.
Matt Johnston <matt@ucc.asn.au>
parents: 446
387 }
3e6c536bc023 Add -W <windowsize> argument and document it.
Matt Johnston <matt@ucc.asn.au>
parents: 446
388 }
1442
517c67cbcd31 dropbear server: support -T max auth tries
Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
parents: 1404
389
517c67cbcd31 dropbear server: support -T max auth tries
Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
parents: 1404
390 if (maxauthtries_arg) {
517c67cbcd31 dropbear server: support -T max auth tries
Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
parents: 1404
391 unsigned int val = 0;
1445
a3a96dbf9a58 Use MAX_AUTH_TRIES rather than DEFAULT_AUTH_TRIES, don't limit argument range
Matt Johnston <matt@ucc.asn.au>
parents: 1442
392 if (m_str_to_uint(maxauthtries_arg, &val) == DROPBEAR_FAILURE
a3a96dbf9a58 Use MAX_AUTH_TRIES rather than DEFAULT_AUTH_TRIES, don't limit argument range
Matt Johnston <matt@ucc.asn.au>
parents: 1442
393 || val == 0) {
1442
517c67cbcd31 dropbear server: support -T max auth tries
Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
parents: 1404
394 dropbear_exit("Bad maxauthtries '%s'", maxauthtries_arg);
517c67cbcd31 dropbear server: support -T max auth tries
Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
parents: 1404
395 }
517c67cbcd31 dropbear server: support -T max auth tries
Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
parents: 1404
396 svr_opts.maxauthtries = val;
517c67cbcd31 dropbear server: support -T max auth tries
Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
parents: 1404
397 }
517c67cbcd31 dropbear server: support -T max auth tries
Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
parents: 1404
398
454
7e43f5e473b9 - Add -K keepalive flag for dropbear and dbclient
Matt Johnston <matt@ucc.asn.au>
parents: 449
399
7e43f5e473b9 - Add -K keepalive flag for dropbear and dbclient
Matt Johnston <matt@ucc.asn.au>
parents: 449
400 if (keepalive_arg) {
568
005530560594 Rearrange getaddrstring() etc
Matt Johnston <matt@ucc.asn.au>
parents: 513
401 unsigned int val;
005530560594 Rearrange getaddrstring() etc
Matt Johnston <matt@ucc.asn.au>
parents: 513
402 if (m_str_to_uint(keepalive_arg, &val) == DROPBEAR_FAILURE) {
454
7e43f5e473b9 - Add -K keepalive flag for dropbear and dbclient
Matt Johnston <matt@ucc.asn.au>
parents: 449
403 dropbear_exit("Bad keepalive '%s'", keepalive_arg);
7e43f5e473b9 - Add -K keepalive flag for dropbear and dbclient
Matt Johnston <matt@ucc.asn.au>
parents: 449
404 }
568
005530560594 Rearrange getaddrstring() etc
Matt Johnston <matt@ucc.asn.au>
parents: 513
405 opts.keepalive_secs = val;
454
7e43f5e473b9 - Add -K keepalive flag for dropbear and dbclient
Matt Johnston <matt@ucc.asn.au>
parents: 449
406 }
513
a3748e54273c Idle timeout patch from Farrell Aultman. Needs testing, unsure if server
Matt Johnston <matt@ucc.asn.au>
parents: 510
407
a3748e54273c Idle timeout patch from Farrell Aultman. Needs testing, unsure if server
Matt Johnston <matt@ucc.asn.au>
parents: 510
408 if (idle_timeout_arg) {
568
005530560594 Rearrange getaddrstring() etc
Matt Johnston <matt@ucc.asn.au>
parents: 513
409 unsigned int val;
005530560594 Rearrange getaddrstring() etc
Matt Johnston <matt@ucc.asn.au>
parents: 513
410 if (m_str_to_uint(idle_timeout_arg, &val) == DROPBEAR_FAILURE) {
513
a3748e54273c Idle timeout patch from Farrell Aultman. Needs testing, unsure if server
Matt Johnston <matt@ucc.asn.au>
parents: 510
411 dropbear_exit("Bad idle_timeout '%s'", idle_timeout_arg);
a3748e54273c Idle timeout patch from Farrell Aultman. Needs testing, unsure if server
Matt Johnston <matt@ucc.asn.au>
parents: 510
412 }
568
005530560594 Rearrange getaddrstring() etc
Matt Johnston <matt@ucc.asn.au>
parents: 513
413 opts.idle_timeout_secs = val;
513
a3748e54273c Idle timeout patch from Farrell Aultman. Needs testing, unsure if server
Matt Johnston <matt@ucc.asn.au>
parents: 510
414 }
1290
ee2ffa044c7e Add manpage and log for forced_command
Matt Johnston <matt@ucc.asn.au>
parents: 1289
415
ee2ffa044c7e Add manpage and log for forced_command
Matt Johnston <matt@ucc.asn.au>
parents: 1289
416 if (svr_opts.forced_command) {
ee2ffa044c7e Add manpage and log for forced_command
Matt Johnston <matt@ucc.asn.au>
parents: 1289
417 dropbear_log(LOG_INFO, "Forced command set to '%s'", svr_opts.forced_command);
ee2ffa044c7e Add manpage and log for forced_command
Matt Johnston <matt@ucc.asn.au>
parents: 1289
418 }
1654
cc0fc5131c5c Rename EPKA -> Plugin
Matt Johnston <matt@ucc.asn.au>
parents: 1653
419 #if DROPBEAR_PLUGIN
1653
76189c9ffea2 External Public-Key Authentication API (#72)
fabriziobertocci <fabriziobertocci@gmail.com>
parents: 1603
420 if (pubkey_plugin) {
76189c9ffea2 External Public-Key Authentication API (#72)
fabriziobertocci <fabriziobertocci@gmail.com>
parents: 1603
421 char *args = strchr(pubkey_plugin, ',');
76189c9ffea2 External Public-Key Authentication API (#72)
fabriziobertocci <fabriziobertocci@gmail.com>
parents: 1603
422 if (args) {
76189c9ffea2 External Public-Key Authentication API (#72)
fabriziobertocci <fabriziobertocci@gmail.com>
parents: 1603
423 *args='\0';
76189c9ffea2 External Public-Key Authentication API (#72)
fabriziobertocci <fabriziobertocci@gmail.com>
parents: 1603
424 ++args;
76189c9ffea2 External Public-Key Authentication API (#72)
fabriziobertocci <fabriziobertocci@gmail.com>
parents: 1603
425 }
76189c9ffea2 External Public-Key Authentication API (#72)
fabriziobertocci <fabriziobertocci@gmail.com>
parents: 1603
426 svr_opts.pubkey_plugin = pubkey_plugin;
76189c9ffea2 External Public-Key Authentication API (#72)
fabriziobertocci <fabriziobertocci@gmail.com>
parents: 1603
427 svr_opts.pubkey_plugin_options = args;
76189c9ffea2 External Public-Key Authentication API (#72)
fabriziobertocci <fabriziobertocci@gmail.com>
parents: 1603
diff changeset
428 }
76189c9ffea2 External Public-Key Authentication API (#72)
fabriziobertocci <fabriziobertocci@gmail.com>
parents: 1603
diff changeset
429 #endif
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
430 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
431
1197
86a9e0204c03 ports and addresses must be malloced to avoid segfault on exit
Matt Johnston <matt@ucc.asn.au>
parents: 1177
diff changeset
432 static void addportandaddress(const char* spec) {
86a9e0204c03 ports and addresses must be malloced to avoid segfault on exit
Matt Johnston <matt@ucc.asn.au>
parents: 1177
diff changeset
433 char *spec_copy = NULL, *myspec = NULL, *port = NULL, *address = NULL;
434
0aaaf68e97dc Add -p [address:]port option for binding to addresses, patch from
Matt Johnston <matt@ucc.asn.au>
parents: 271
diff changeset
434
0aaaf68e97dc Add -p [address:]port option for binding to addresses, patch from
Matt Johnston <matt@ucc.asn.au>
parents: 271
diff changeset
435 if (svr_opts.portcount < DROPBEAR_MAX_PORTS) {
0aaaf68e97dc Add -p [address:]port option for binding to addresses, patch from
Matt Johnston <matt@ucc.asn.au>
parents: 271
diff changeset
436
0aaaf68e97dc Add -p [address:]port option for binding to addresses, patch from
Matt Johnston <matt@ucc.asn.au>
parents: 271
diff changeset
437 /* We don't free it, it becomes part of the runopt state */
1197
86a9e0204c03 ports and addresses must be malloced to avoid segfault on exit
Matt Johnston <matt@ucc.asn.au>
parents: 1177
diff changeset
438 spec_copy = m_strdup(spec);
86a9e0204c03 ports and addresses must be malloced to avoid segfault on exit
Matt Johnston <matt@ucc.asn.au>
parents: 1177
diff changeset
439 myspec = spec_copy;
434
0aaaf68e97dc Add -p [address:]port option for binding to addresses, patch from
Matt Johnston <matt@ucc.asn.au>
parents: 271
diff changeset
440
706
002cf09827c0 Allow specifying server "-p" options with ipv6 bracket notation,
Matt Johnston <matt@ucc.asn.au>
parents: 692
diff changeset
441 if (myspec[0] == '[') {
002cf09827c0 Allow specifying server "-p" options with ipv6 bracket notation,
Matt Johnston <matt@ucc.asn.au>
parents: 692
diff changeset
442 myspec++;
1197
86a9e0204c03 ports and addresses must be malloced to avoid segfault on exit
Matt Johnston <matt@ucc.asn.au>
parents: 1177
diff changeset
443 port = strchr(myspec, ']');
86a9e0204c03 ports and addresses must be malloced to avoid segfault on exit
Matt Johnston <matt@ucc.asn.au>
parents: 1177
diff changeset
444 if (!port) {
706
002cf09827c0 Allow specifying server "-p" options with ipv6 bracket notation,
Matt Johnston <matt@ucc.asn.au>
parents: 692
diff changeset
445 /* Unmatched [ -> exit */
002cf09827c0 Allow specifying server "-p" options with ipv6 bracket notation,
Matt Johnston <matt@ucc.asn.au>
parents: 692
diff changeset
446 dropbear_exit("Bad listen address");
002cf09827c0 Allow specifying server "-p" options with ipv6 bracket notation,
Matt Johnston <matt@ucc.asn.au>
parents: 692
diff changeset
447 }
1197
86a9e0204c03 ports and addresses must be malloced to avoid segfault on exit
Matt Johnston <matt@ucc.asn.au>
parents: 1177
diff changeset
448 port[0] = '\0';
86a9e0204c03 ports and addresses must be malloced to avoid segfault on exit
Matt Johnston <matt@ucc.asn.au>
parents: 1177
diff changeset
449 port++;
86a9e0204c03 ports and addresses must be malloced to avoid segfault on exit
Matt Johnston <matt@ucc.asn.au>
parents: 1177
diff changeset
450 if (port[0] != ':') {
706
002cf09827c0 Allow specifying server "-p" options with ipv6 bracket notation,
Matt Johnston <matt@ucc.asn.au>
parents: 692
diff changeset
451 /* Missing port -> exit */
002cf09827c0 Allow specifying server "-p" options with ipv6 bracket notation,
Matt Johnston <matt@ucc.asn.au>
parents: 692
diff changeset
452 dropbear_exit("Missing port");
002cf09827c0 Allow specifying server "-p" options with ipv6 bracket notation,
Matt Johnston <matt@ucc.asn.au>
parents: 692
diff changeset
453 }
002cf09827c0 Allow specifying server "-p" options with ipv6 bracket notation,
Matt Johnston <matt@ucc.asn.au>
parents: 692
diff changeset
454 } else {
002cf09827c0 Allow specifying server "-p" options with ipv6 bracket notation,
Matt Johnston <matt@ucc.asn.au>
parents: 692
diff changeset
455 /* search for ':', that separates address and port */
1197
86a9e0204c03 ports and addresses must be malloced to avoid segfault on exit
Matt Johnston <matt@ucc.asn.au>
parents: 1177
diff changeset
456 port = strrchr(myspec, ':');
706
002cf09827c0 Allow specifying server "-p" options with ipv6 bracket notation,
Matt Johnston <matt@ucc.asn.au>
parents: 692
diff changeset
457 }
434
0aaaf68e97dc Add -p [address:]port option for binding to addresses, patch from
Matt Johnston <matt@ucc.asn.au>
parents: 271
diff changeset
458
1197
86a9e0204c03 ports and addresses must be malloced to avoid segfault on exit
Matt Johnston <matt@ucc.asn.au>
parents: 1177
diff changeset
459 if (!port) {
434
0aaaf68e97dc Add -p [address:]port option for binding to addresses, patch from
Matt Johnston <matt@ucc.asn.au>
parents: 271
diff changeset
460 /* no ':' -> the whole string specifies just a port */
1197
86a9e0204c03 ports and addresses must be malloced to avoid segfault on exit
Matt Johnston <matt@ucc.asn.au>
parents: 1177
diff changeset
461 port = myspec;
434
0aaaf68e97dc Add -p [address:]port option for binding to addresses, patch from
Matt Johnston <matt@ucc.asn.au>
parents: 271
diff changeset
462 } else {
0aaaf68e97dc Add -p [address:]port option for binding to addresses, patch from
Matt Johnston <matt@ucc.asn.au>
parents: 271
diff changeset
463 /* Split the address/port */
1197
86a9e0204c03 ports and addresses must be malloced to avoid segfault on exit
Matt Johnston <matt@ucc.asn.au>
parents: 1177
diff changeset
464 port[0] = '\0';
86a9e0204c03 ports and addresses must be malloced to avoid segfault on exit
Matt Johnston <matt@ucc.asn.au>
parents: 1177
diff changeset
465 port++;
86a9e0204c03 ports and addresses must be malloced to avoid segfault on exit
Matt Johnston <matt@ucc.asn.au>
parents: 1177
diff changeset
466 address = myspec;
434
0aaaf68e97dc Add -p [address:]port option for binding to addresses, patch from
Matt Johnston <matt@ucc.asn.au>
parents: 271
diff changeset
467 }
0aaaf68e97dc Add -p [address:]port option for binding to addresses, patch from
Matt Johnston <matt@ucc.asn.au>
parents: 271
diff changeset
468
1197
86a9e0204c03 ports and addresses must be malloced to avoid segfault on exit
Matt Johnston <matt@ucc.asn.au>
parents: 1177
diff changeset
469 if (!address) {
434
0aaaf68e97dc Add -p [address:]port option for binding to addresses, patch from
Matt Johnston <matt@ucc.asn.au>
parents: 271
diff changeset
470 /* no address given -> fill in the default address */
1197
86a9e0204c03 ports and addresses must be malloced to avoid segfault on exit
Matt Johnston <matt@ucc.asn.au>
parents: 1177
diff changeset
471 address = DROPBEAR_DEFADDRESS;
434
0aaaf68e97dc Add -p [address:]port option for binding to addresses, patch from
Matt Johnston <matt@ucc.asn.au>
parents: 271
diff changeset
472 }
0aaaf68e97dc Add -p [address:]port option for binding to addresses, patch from
Matt Johnston <matt@ucc.asn.au>
parents: 271
diff changeset
473
1197
86a9e0204c03 ports and addresses must be malloced to avoid segfault on exit
Matt Johnston <matt@ucc.asn.au>
parents: 1177
diff changeset
474 if (port[0] == '\0') {
434
0aaaf68e97dc Add -p [address:]port option for binding to addresses, patch from
Matt Johnston <matt@ucc.asn.au>
parents: 271
diff changeset
475 /* empty port -> exit */
0aaaf68e97dc Add -p [address:]port option for binding to addresses, patch from
Matt Johnston <matt@ucc.asn.au>
parents: 271
diff changeset
476 dropbear_exit("Bad port");
0aaaf68e97dc Add -p [address:]port option for binding to addresses, patch from
Matt Johnston <matt@ucc.asn.au>
parents: 271
diff changeset
477 }
1197
86a9e0204c03 ports and addresses must be malloced to avoid segfault on exit
Matt Johnston <matt@ucc.asn.au>
parents: 1177
diff changeset
478 svr_opts.ports[svr_opts.portcount] = m_strdup(port);
86a9e0204c03 ports and addresses must be malloced to avoid segfault on exit
Matt Johnston <matt@ucc.asn.au>
parents: 1177
diff changeset
479 svr_opts.addresses[svr_opts.portcount] = m_strdup(address);
434
0aaaf68e97dc Add -p [address:]port option for binding to addresses, patch from
Matt Johnston <matt@ucc.asn.au>
parents: 271
diff changeset
480 svr_opts.portcount++;
1197
86a9e0204c03 ports and addresses must be malloced to avoid segfault on exit
Matt Johnston <matt@ucc.asn.au>
parents: 1177
diff changeset
481 m_free(spec_copy);
434
0aaaf68e97dc Add -p [address:]port option for binding to addresses, patch from
Matt Johnston <matt@ucc.asn.au>
parents: 271
diff changeset
482 }
0aaaf68e97dc Add -p [address:]port option for binding to addresses, patch from
Matt Johnston <matt@ucc.asn.au>
parents: 271
diff changeset
483 }
0aaaf68e97dc Add -p [address:]port option for binding to addresses, patch from
Matt Johnston <matt@ucc.asn.au>
parents: 271
diff changeset
484
795
7f604f9b3756 ecdsa is working
Matt Johnston <matt@ucc.asn.au>
parents: 716
diff changeset
485 static void disablekey(int type) {
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
486 int i;
802
4029d3432a4f Fix broken disablekey()
Matt Johnston <matt@ucc.asn.au>
parents: 795
diff changeset
487 TRACE(("Disabling key type %d", type))
1678
4b4cfc92c5b7 Make server send SSH_MSG_EXT_INFO
Matt Johnston <matt@ucc.asn.au>
parents: 1659
diff changeset
488 for (i = 0; sigalgs[i].name != NULL; i++) {
4b4cfc92c5b7 Make server send SSH_MSG_EXT_INFO
Matt Johnston <matt@ucc.asn.au>
parents: 1659
diff changeset
489 if (sigalgs[i].val == type) {
4b4cfc92c5b7 Make server send SSH_MSG_EXT_INFO
Matt Johnston <matt@ucc.asn.au>
parents: 1659
diff changeset
490 sigalgs[i].usable = 0;
47
4b53a43f0082 - client pubkey auth works
Matt Johnston <matt@ucc.asn.au>
parents: 33
diff changeset
491 break;
4b53a43f0082 - client pubkey auth works
Matt Johnston <matt@ucc.asn.au>
parents: 33
diff changeset
492 }
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
493 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
494 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
495
807
75509065db53 have separate ecdsa keys for each size
Matt Johnston <matt@ucc.asn.au>
parents: 802
diff changeset
496 static void loadhostkey_helper(const char *name, void** src, void** dst, int fatal_duplicate) {
75509065db53 have separate ecdsa keys for each size
Matt Johnston <matt@ucc.asn.au>
parents: 802
diff changeset
497 if (*dst) {
75509065db53 have separate ecdsa keys for each size
Matt Johnston <matt@ucc.asn.au>
parents: 802
diff changeset
498 if (fatal_duplicate) {
75509065db53 have separate ecdsa keys for each size
Matt Johnston <matt@ucc.asn.au>
parents: 802
diff changeset
499 dropbear_exit("Only one %s key can be specified", name);
75509065db53 have separate ecdsa keys for each size
Matt Johnston <matt@ucc.asn.au>
parents: 802
diff changeset
500 }
75509065db53 have separate ecdsa keys for each size
Matt Johnston <matt@ucc.asn.au>
parents: 802
diff changeset
501 } else {
75509065db53 have separate ecdsa keys for each size
Matt Johnston <matt@ucc.asn.au>
parents: 802
diff changeset
502 *dst = *src;
75509065db53 have separate ecdsa keys for each size
Matt Johnston <matt@ucc.asn.au>
parents: 802
diff changeset
503 *src = NULL;
75509065db53 have separate ecdsa keys for each size
Matt Johnston <matt@ucc.asn.au>
parents: 802
diff changeset
504 }
75509065db53 have separate ecdsa keys for each size
Matt Johnston <matt@ucc.asn.au>
parents: 802
diff changeset
505
75509065db53 have separate ecdsa keys for each size
Matt Johnston <matt@ucc.asn.au>
parents: 802
diff changeset
506 }
75509065db53 have separate ecdsa keys for each size
Matt Johnston <matt@ucc.asn.au>
parents: 802
diff changeset
507
101
72dc22f56858 Change the way we load keys/ports so we don't print error messages into our
Matt Johnston <matt@ucc.asn.au>
parents: 94
diff changeset
508 /* Must be called after syslog/etc is working */
795
7f604f9b3756 ecdsa is working
Matt Johnston <matt@ucc.asn.au>
parents: 716
diff changeset
509 static void loadhostkey(const char *keyfile, int fatal_duplicate) {
7f604f9b3756 ecdsa is working
Matt Johnston <matt@ucc.asn.au>
parents: 716
diff changeset
510 sign_key * read_key = new_sign_key();
847
f4bb964c8678 Add '-R' for delayed hostkey option
Matt Johnston <matt@ucc.asn.au>
parents: 846
diff changeset
511 enum signkey_type type = DROPBEAR_SIGNKEY_ANY;
795
7f604f9b3756 ecdsa is working
Matt Johnston <matt@ucc.asn.au>
parents: 716
diff changeset
512 if (readhostkey(keyfile, read_key, &type) == DROPBEAR_FAILURE) {
976
964d41e3aeb2 Don't print "Failed loading hostkey" when -R delayed hostkey option is enabled
Steven Honeyman <stevenhoneyman@gmail.com>
parents: 948
diff changeset
513 if (!svr_opts.delay_hostkey) {
964d41e3aeb2 Don't print "Failed loading hostkey" when -R delayed hostkey option is enabled
Steven Honeyman <stevenhoneyman@gmail.com>
parents: 948
diff changeset
514 dropbear_log(LOG_WARNING, "Failed loading %s", keyfile);
964d41e3aeb2 Don't print "Failed loading hostkey" when -R delayed hostkey option is enabled
Steven Honeyman <stevenhoneyman@gmail.com>
parents: 948
diff changeset
515 }
795
7f604f9b3756 ecdsa is working
Matt Johnston <matt@ucc.asn.au>
parents: 716
diff changeset
516 }
7f604f9b3756 ecdsa is working
Matt Johnston <matt@ucc.asn.au>
parents: 716
diff changeset
517
1295
750ec4ec4cbe Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents: 1290
diff changeset
518 #if DROPBEAR_RSA
795
7f604f9b3756 ecdsa is working
Matt Johnston <matt@ucc.asn.au>
parents: 716
diff changeset
519 if (type == DROPBEAR_SIGNKEY_RSA) {
852
7540c0822374 Various cleanups and fixes for warnings
Matt Johnston <matt@ucc.asn.au>
parents: 847
diff changeset
520 loadhostkey_helper("RSA", (void**)&read_key->rsakey, (void**)&svr_opts.hostkey->rsakey, fatal_duplicate);
795
7f604f9b3756 ecdsa is working
Matt Johnston <matt@ucc.asn.au>
parents: 716
diff changeset
521 }
7f604f9b3756 ecdsa is working
Matt Johnston <matt@ucc.asn.au>
parents: 716
diff changeset
522 #endif
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
523
1295
750ec4ec4cbe Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents: 1290
diff changeset
524 #if DROPBEAR_DSS
795
7f604f9b3756 ecdsa is working
Matt Johnston <matt@ucc.asn.au>
parents: 716
diff changeset
525 if (type == DROPBEAR_SIGNKEY_DSS) {
852
7540c0822374 Various cleanups and fixes for warnings
Matt Johnston <matt@ucc.asn.au>
parents: 847
diff changeset
526 loadhostkey_helper("DSS", (void**)&read_key->dsskey, (void**)&svr_opts.hostkey->dsskey, fatal_duplicate);
795
7f604f9b3756 ecdsa is working
Matt Johnston <matt@ucc.asn.au>
parents: 716
diff changeset
527 }
7f604f9b3756 ecdsa is working
Matt Johnston <matt@ucc.asn.au>
parents: 716
diff changeset
528 #endif
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
529
1295
750ec4ec4cbe Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents: 1290
diff changeset
530 #if DROPBEAR_ECDSA
750ec4ec4cbe Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents: 1290
diff changeset
531 #if DROPBEAR_ECC_256
807
75509065db53 have separate ecdsa keys for each size
Matt Johnston <matt@ucc.asn.au>
parents: 802
diff changeset
532 if (type == DROPBEAR_SIGNKEY_ECDSA_NISTP256) {
852
7540c0822374 Various cleanups and fixes for warnings
Matt Johnston <matt@ucc.asn.au>
parents: 847
diff changeset
533 loadhostkey_helper("ECDSA256", (void**)&read_key->ecckey256, (void**)&svr_opts.hostkey->ecckey256, fatal_duplicate);
795
7f604f9b3756 ecdsa is working
Matt Johnston <matt@ucc.asn.au>
parents: 716
diff changeset
534 }
7f604f9b3756 ecdsa is working
Matt Johnston <matt@ucc.asn.au>
parents: 716
diff changeset
535 #endif
1295
750ec4ec4cbe Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents: 1290
diff changeset
536 #if DROPBEAR_ECC_384
807
75509065db53 have separate ecdsa keys for each size
Matt Johnston <matt@ucc.asn.au>
parents: 802
diff changeset
537 if (type == DROPBEAR_SIGNKEY_ECDSA_NISTP384) {
852
7540c0822374 Various cleanups and fixes for warnings
Matt Johnston <matt@ucc.asn.au>
parents: 847
diff changeset
538 loadhostkey_helper("ECDSA384", (void**)&read_key->ecckey384, (void**)&svr_opts.hostkey->ecckey384, fatal_duplicate);
807
75509065db53 have separate ecdsa keys for each size
Matt Johnston <matt@ucc.asn.au>
parents: 802
diff changeset
539 }
75509065db53 have separate ecdsa keys for each size
Matt Johnston <matt@ucc.asn.au>
parents: 802
diff changeset
540 #endif
1295
750ec4ec4cbe Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents: 1290
diff changeset
541 #if DROPBEAR_ECC_521
807
75509065db53 have separate ecdsa keys for each size
Matt Johnston <matt@ucc.asn.au>
parents: 802
diff changeset
542 if (type == DROPBEAR_SIGNKEY_ECDSA_NISTP521) {
852
7540c0822374 Various cleanups and fixes for warnings
Matt Johnston <matt@ucc.asn.au>
parents: 847
diff changeset
543 loadhostkey_helper("ECDSA521", (void**)&read_key->ecckey521, (void**)&svr_opts.hostkey->ecckey521, fatal_duplicate);
807
75509065db53 have separate ecdsa keys for each size
Matt Johnston <matt@ucc.asn.au>
parents: 802
diff changeset
544 }
75509065db53 have separate ecdsa keys for each size
Matt Johnston <matt@ucc.asn.au>
parents: 802
diff changeset
545 #endif
857
c19acba28590 use oldstyle comments
Matt Johnston <matt@ucc.asn.au>
parents: 852
diff changeset
546 #endif /* DROPBEAR_ECDSA */
1659
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1654
diff changeset
547
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1654
diff changeset
548 #if DROPBEAR_ED25519
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1654
diff changeset
549 if (type == DROPBEAR_SIGNKEY_ED25519) {
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1654
diff changeset
550 loadhostkey_helper("ed25519", (void**)&read_key->ed25519key, (void**)&svr_opts.hostkey->ed25519key, fatal_duplicate);
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1654
diff changeset
551 }
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1654
diff changeset
552 #endif
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1654
diff changeset
553
795
7f604f9b3756 ecdsa is working
Matt Johnston <matt@ucc.asn.au>
parents: 716
diff changeset
554 sign_key_free(read_key);
7f604f9b3756 ecdsa is working
Matt Johnston <matt@ucc.asn.au>
parents: 716
diff changeset
555 TRACE(("leave loadhostkey"))
7f604f9b3756 ecdsa is working
Matt Johnston <matt@ucc.asn.au>
parents: 716
diff changeset
556 }
7f604f9b3756 ecdsa is working
Matt Johnston <matt@ucc.asn.au>
parents: 716
diff changeset
557
7f604f9b3756 ecdsa is working
Matt Johnston <matt@ucc.asn.au>
parents: 716
diff changeset
558 static void addhostkey(const char *keyfile) {
7f604f9b3756 ecdsa is working
Matt Johnston <matt@ucc.asn.au>
parents: 716
diff changeset
559 if (svr_opts.num_hostkey_files >= MAX_HOSTKEYS) {
7f604f9b3756 ecdsa is working
Matt Johnston <matt@ucc.asn.au>
parents: 716
diff changeset
560 dropbear_exit("Too many hostkeys");
7f604f9b3756 ecdsa is working
Matt Johnston <matt@ucc.asn.au>
parents: 716
diff changeset
561 }
7f604f9b3756 ecdsa is working
Matt Johnston <matt@ucc.asn.au>
parents: 716
diff changeset
562 svr_opts.hostkey_files[svr_opts.num_hostkey_files] = m_strdup(keyfile);
7f604f9b3756 ecdsa is working
Matt Johnston <matt@ucc.asn.au>
parents: 716
diff changeset
563 svr_opts.num_hostkey_files++;
7f604f9b3756 ecdsa is working
Matt Johnston <matt@ucc.asn.au>
parents: 716
diff changeset
564 }
7f604f9b3756 ecdsa is working
Matt Johnston <matt@ucc.asn.au>
parents: 716
diff changeset
565
1347
b28624698130 copy over some fuzzing code from AFL branch
Matt Johnston <matt@ucc.asn.au>
parents: 1210
diff changeset
566
795
7f604f9b3756 ecdsa is working
Matt Johnston <matt@ucc.asn.au>
parents: 716
diff changeset
567 void load_all_hostkeys() {
7f604f9b3756 ecdsa is working
Matt Johnston <matt@ucc.asn.au>
parents: 716
diff changeset
568 int i;
873
17b15683648d Exit if we don't have keys and -R wasn't specified
Matt Johnston <matt@ucc.asn.au>
parents: 857
diff changeset
569 int any_keys = 0;
1681
435cfb9ec96e send and handle SSH_MSG_EXT_INFO only at the correct point
Matt Johnston <matt@ucc.asn.au>
parents: 1678
diff changeset
570 #if DROPBEAR_ECDSA
1603
0dc3103a5900 Only advertise a single server ecdsa key when -R (generate as required) is
Matt Johnston <matt@ucc.asn.au>
parents: 1557
diff changeset
571 int loaded_any_ecdsa = 0;
0dc3103a5900 Only advertise a single server ecdsa key when -R (generate as required) is
Matt Johnston <matt@ucc.asn.au>
parents: 1557
diff changeset
572 #endif
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
573
101
72dc22f56858 Change the way we load keys/ports so we don't print error messages into our
Matt Johnston <matt@ucc.asn.au>
parents: 94
diff changeset
574 svr_opts.hostkey = new_sign_key();
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
575
795
7f604f9b3756 ecdsa is working
Matt Johnston <matt@ucc.asn.au>
parents: 716
diff changeset
576 for (i = 0; i < svr_opts.num_hostkey_files; i++) {
7f604f9b3756 ecdsa is working
Matt Johnston <matt@ucc.asn.au>
parents: 716
diff changeset
577 char *hostkey_file = svr_opts.hostkey_files[i];
7f604f9b3756 ecdsa is working
Matt Johnston <matt@ucc.asn.au>
parents: 716
diff changeset
578 loadhostkey(hostkey_file, 1);
7f604f9b3756 ecdsa is working
Matt Johnston <matt@ucc.asn.au>
parents: 716
diff changeset
579 m_free(hostkey_file);
7f604f9b3756 ecdsa is working
Matt Johnston <matt@ucc.asn.au>
parents: 716
diff changeset
580 }
7f604f9b3756 ecdsa is working
Matt Johnston <matt@ucc.asn.au>
parents: 716
diff changeset
581
1532
3616ec41d03d Only load dropbear default host keys if a key is not specified
CamVan Nguyen <ctnguyen@us.ibm.com>
parents: 1499
diff changeset
582 /* Only load default host keys if a host key is not specified by the user */
3616ec41d03d Only load dropbear default host keys if a key is not specified
CamVan Nguyen <ctnguyen@us.ibm.com>
parents: 1499
diff changeset
583 if (svr_opts.num_hostkey_files == 0) {
1295
750ec4ec4cbe Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents: 1290
diff changeset
584 #if DROPBEAR_RSA
1532
3616ec41d03d Only load dropbear default host keys if a key is not specified
CamVan Nguyen <ctnguyen@us.ibm.com>
parents: 1499
diff changeset
585 loadhostkey(RSA_PRIV_FILENAME, 0);
795
7f604f9b3756 ecdsa is working
Matt Johnston <matt@ucc.asn.au>
parents: 716
diff changeset
586 #endif
7f604f9b3756 ecdsa is working
Matt Johnston <matt@ucc.asn.au>
parents: 716
diff changeset
587
1295
750ec4ec4cbe Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents: 1290
diff changeset
588 #if DROPBEAR_DSS
1532
3616ec41d03d Only load dropbear default host keys if a key is not specified
CamVan Nguyen <ctnguyen@us.ibm.com>
parents: 1499
diff changeset
589 loadhostkey(DSS_PRIV_FILENAME, 0);
795
7f604f9b3756 ecdsa is working
Matt Johnston <matt@ucc.asn.au>
parents: 716
diff changeset
590 #endif
7f604f9b3756 ecdsa is working
Matt Johnston <matt@ucc.asn.au>
parents: 716
diff changeset
591
1295
750ec4ec4cbe Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents: 1290
diff changeset
592 #if DROPBEAR_ECDSA
1532
3616ec41d03d Only load dropbear default host keys if a key is not specified
CamVan Nguyen <ctnguyen@us.ibm.com>
parents: 1499
diff changeset
593 loadhostkey(ECDSA_PRIV_FILENAME, 0);
795
7f604f9b3756 ecdsa is working
Matt Johnston <matt@ucc.asn.au>
parents: 716
diff changeset
594 #endif
1659
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1654
diff changeset
595 #if DROPBEAR_ED25519
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1654
diff changeset
596 loadhostkey(ED25519_PRIV_FILENAME, 0);
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1654
diff changeset
597 #endif
1538
f20038b513a5 more linting (#58)
François Perrad <francois.perrad@gadz.org>
parents: 1537
diff changeset
598 }
795
7f604f9b3756 ecdsa is working
Matt Johnston <matt@ucc.asn.au>
parents: 716
diff changeset
599
1295
750ec4ec4cbe Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents: 1290
diff changeset
600 #if DROPBEAR_RSA
1603
0dc3103a5900 Only advertise a single server ecdsa key when -R (generate as required) is
Matt Johnston <matt@ucc.asn.au>
parents: 1557
diff changeset
601 if (!svr_opts.delay_hostkey && !svr_opts.hostkey->rsakey) {
795
7f604f9b3756 ecdsa is working
Matt Johnston <matt@ucc.asn.au>
parents: 716
diff changeset
602 disablekey(DROPBEAR_SIGNKEY_RSA);
876
5bfce5dcd461 Fix disabling DSS key
Matt Johnston <matt@ucc.asn.au>
parents: 873
diff changeset
603 } else {
873
17b15683648d Exit if we don't have keys and -R wasn't specified
Matt Johnston <matt@ucc.asn.au>
parents: 857
diff changeset
604 any_keys = 1;
17b15683648d Exit if we don't have keys and -R wasn't specified
Matt Johnston <matt@ucc.asn.au>
parents: 857
diff changeset
605 }
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
606 #endif
847
f4bb964c8678 Add '-R' for delayed hostkey option
Matt Johnston <matt@ucc.asn.au>
parents: 846
diff changeset
607
1295
750ec4ec4cbe Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents: 1290
diff changeset
608 #if DROPBEAR_DSS
1603
0dc3103a5900 Only advertise a single server ecdsa key when -R (generate as required) is
Matt Johnston <matt@ucc.asn.au>
parents: 1557
diff changeset
609 if (!svr_opts.delay_hostkey && !svr_opts.hostkey->dsskey) {
876
5bfce5dcd461 Fix disabling DSS key
Matt Johnston <matt@ucc.asn.au>
parents: 873
diff changeset
610 disablekey(DROPBEAR_SIGNKEY_DSS);
5bfce5dcd461 Fix disabling DSS key
Matt Johnston <matt@ucc.asn.au>
parents: 873
diff changeset
611 } else {
873
17b15683648d Exit if we don't have keys and -R wasn't specified
Matt Johnston <matt@ucc.asn.au>
parents: 857
diff changeset
612 any_keys = 1;
17b15683648d Exit if we don't have keys and -R wasn't specified
Matt Johnston <matt@ucc.asn.au>
parents: 857
diff changeset
613 }
795
7f604f9b3756 ecdsa is working
Matt Johnston <matt@ucc.asn.au>
parents: 716
diff changeset
614 #endif
847
f4bb964c8678 Add '-R' for delayed hostkey option
Matt Johnston <matt@ucc.asn.au>
parents: 846
diff changeset
615
1603
0dc3103a5900 Only advertise a single server ecdsa key when -R (generate as required) is
Matt Johnston <matt@ucc.asn.au>
parents: 1557
diff changeset
616 #if DROPBEAR_ECDSA
0dc3103a5900 Only advertise a single server ecdsa key when -R (generate as required) is
Matt Johnston <matt@ucc.asn.au>
parents: 1557
diff changeset
617 /* We want to advertise a single ecdsa algorithm size.
0dc3103a5900 Only advertise a single server ecdsa key when -R (generate as required) is
Matt Johnston <matt@ucc.asn.au>
parents: 1557
diff changeset
618 - If there is an ecdsa hostkey at startup we choose that size.
0dc3103a5900 Only advertise a single server ecdsa key when -R (generate as required) is
Matt Johnston <matt@ucc.asn.au>
parents: 1557
diff changeset
619 - If we generate at runtime we choose the default ecdsa size.
0dc3103a5900 Only advertise a single server ecdsa key when -R (generate as required) is
Matt Johnston <matt@ucc.asn.au>
parents: 1557
diff changeset
620 - Otherwise no ecdsa keys will be advertised */
847
f4bb964c8678 Add '-R' for delayed hostkey option
Matt Johnston <matt@ucc.asn.au>
parents: 846
diff changeset
621
1603
0dc3103a5900 Only advertise a single server ecdsa key when -R (generate as required) is
Matt Johnston <matt@ucc.asn.au>
parents: 1557
diff changeset
622 /* check if any keys were loaded at startup */
0dc3103a5900 Only advertise a single server ecdsa key when -R (generate as required) is
Matt Johnston <matt@ucc.asn.au>
parents: 1557
diff changeset
623 loaded_any_ecdsa =
0dc3103a5900 Only advertise a single server ecdsa key when -R (generate as required) is
Matt Johnston <matt@ucc.asn.au>
parents: 1557
diff changeset
624 0
1295
750ec4ec4cbe Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents: 1290
diff changeset
625 #if DROPBEAR_ECC_256
1603
0dc3103a5900 Only advertise a single server ecdsa key when -R (generate as required) is
Matt Johnston <matt@ucc.asn.au>
parents: 1557
diff changeset
626 || svr_opts.hostkey->ecckey256
0dc3103a5900 Only advertise a single server ecdsa key when -R (generate as required) is
Matt Johnston <matt@ucc.asn.au>
parents: 1557
diff changeset
627 #endif
0dc3103a5900 Only advertise a single server ecdsa key when -R (generate as required) is
Matt Johnston <matt@ucc.asn.au>
parents: 1557
diff changeset
628 #if DROPBEAR_ECC_384
0dc3103a5900 Only advertise a single server ecdsa key when -R (generate as required) is
Matt Johnston <matt@ucc.asn.au>
parents: 1557
diff changeset
629 || svr_opts.hostkey->ecckey384
0dc3103a5900 Only advertise a single server ecdsa key when -R (generate as required) is
Matt Johnston <matt@ucc.asn.au>
parents: 1557
diff changeset
630 #endif
0dc3103a5900 Only advertise a single server ecdsa key when -R (generate as required) is
Matt Johnston <matt@ucc.asn.au>
parents: 1557
diff changeset
631 #if DROPBEAR_ECC_521
0dc3103a5900 Only advertise a single server ecdsa key when -R (generate as required) is
Matt Johnston <matt@ucc.asn.au>
parents: 1557
diff changeset
632 || svr_opts.hostkey->ecckey521
0dc3103a5900 Only advertise a single server ecdsa key when -R (generate as required) is
Matt Johnston <matt@ucc.asn.au>
parents: 1557
diff changeset
633 #endif
0dc3103a5900 Only advertise a single server ecdsa key when -R (generate as required) is
Matt Johnston <matt@ucc.asn.au>
parents: 1557
diff changeset
634 ;
0dc3103a5900 Only advertise a single server ecdsa key when -R (generate as required) is
Matt Johnston <matt@ucc.asn.au>
parents: 1557
diff changeset
635 any_keys |= loaded_any_ecdsa;
0dc3103a5900 Only advertise a single server ecdsa key when -R (generate as required) is
Matt Johnston <matt@ucc.asn.au>
parents: 1557
diff changeset
636
0dc3103a5900 Only advertise a single server ecdsa key when -R (generate as required) is
Matt Johnston <matt@ucc.asn.au>
parents: 1557
diff changeset
637 /* Or an ecdsa key could be generated at runtime */
0dc3103a5900 Only advertise a single server ecdsa key when -R (generate as required) is
Matt Johnston <matt@ucc.asn.au>
parents: 1557
diff changeset
638 any_keys |= svr_opts.delay_hostkey;
0dc3103a5900 Only advertise a single server ecdsa key when -R (generate as required) is
Matt Johnston <matt@ucc.asn.au>
parents: 1557
diff changeset
639
0dc3103a5900 Only advertise a single server ecdsa key when -R (generate as required) is
Matt Johnston <matt@ucc.asn.au>
parents: 1557
640 /* At most one ecdsa key size will be left enabled */
0dc3103a5900 Only advertise a single server ecdsa key when -R (generate as required) is
Matt Johnston <matt@ucc.asn.au>
parents: 1557
641 #if DROPBEAR_ECC_256
0dc3103a5900 Only advertise a single server ecdsa key when -R (generate as required) is
Matt Johnston <matt@ucc.asn.au>
parents: 1557
642 if (!svr_opts.hostkey->ecckey256
0dc3103a5900 Only advertise a single server ecdsa key when -R (generate as required) is
Matt Johnston <matt@ucc.asn.au>
parents: 1557
643 && (!svr_opts.delay_hostkey || loaded_any_ecdsa || ECDSA_DEFAULT_SIZE != 256 )) {
795
7f604f9b3756 ecdsa is working
Matt Johnston <matt@ucc.asn.au>
parents: 716
644 disablekey(DROPBEAR_SIGNKEY_ECDSA_NISTP256);
873
17b15683648d Exit if we don't have keys and -R wasn't specified
Matt Johnston <matt@ucc.asn.au>
parents: 857
645 }
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
646 #endif
1295
750ec4ec4cbe Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents: 1290
647 #if DROPBEAR_ECC_384
1603
0dc3103a5900 Only advertise a single server ecdsa key when -R (generate as required) is
Matt Johnston <matt@ucc.asn.au>
parents: 1557
648 if (!svr_opts.hostkey->ecckey384
0dc3103a5900 Only advertise a single server ecdsa key when -R (generate as required) is
Matt Johnston <matt@ucc.asn.au>
parents: 1557
649 && (!svr_opts.delay_hostkey || loaded_any_ecdsa || ECDSA_DEFAULT_SIZE != 384 )) {
795
7f604f9b3756 ecdsa is working
Matt Johnston <matt@ucc.asn.au>
parents: 716
650 disablekey(DROPBEAR_SIGNKEY_ECDSA_NISTP384);
873
17b15683648d Exit if we don't have keys and -R wasn't specified
Matt Johnston <matt@ucc.asn.au>
parents: 857
651 }
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
652 #endif
1295
750ec4ec4cbe Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents: 1290
653 #if DROPBEAR_ECC_521
1603
0dc3103a5900 Only advertise a single server ecdsa key when -R (generate as required) is
Matt Johnston <matt@ucc.asn.au>
parents: 1557
654 if (!svr_opts.hostkey->ecckey521
0dc3103a5900 Only advertise a single server ecdsa key when -R (generate as required) is
Matt Johnston <matt@ucc.asn.au>
parents: 1557
655 && (!svr_opts.delay_hostkey || loaded_any_ecdsa || ECDSA_DEFAULT_SIZE != 521 )) {
847
f4bb964c8678 Add '-R' for delayed hostkey option
Matt Johnston <matt@ucc.asn.au>
parents: 846
656 disablekey(DROPBEAR_SIGNKEY_ECDSA_NISTP521);
873
17b15683648d Exit if we don't have keys and -R wasn't specified
Matt Johnston <matt@ucc.asn.au>
parents: 857
657 }
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
658 #endif
847
f4bb964c8678 Add '-R' for delayed hostkey option
Matt Johnston <matt@ucc.asn.au>
parents: 846
659 #endif /* DROPBEAR_ECDSA */
f4bb964c8678 Add '-R' for delayed hostkey option
Matt Johnston <matt@ucc.asn.au>
parents: 846
660
1659
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1654
661 #if DROPBEAR_ED25519
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1654
662 if (!svr_opts.delay_hostkey && !svr_opts.hostkey->ed25519key) {
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1654
663 disablekey(DROPBEAR_SIGNKEY_ED25519);
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1654
664 } else {
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1654
665 any_keys = 1;
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1654
666 }
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1654
667 #endif
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1654
668
876
5bfce5dcd461 Fix disabling DSS key
Matt Johnston <matt@ucc.asn.au>
parents: 873
669 if (!any_keys) {
1177
53751952ed95 mention dropbearkey too
Matt Johnston <matt@ucc.asn.au>
parents: 1176
670 dropbear_exit("No hostkeys available. 'dropbear -R' may be useful or run dropbearkey.");
873
17b15683648d Exit if we don't have keys and -R wasn't specified
Matt Johnston <matt@ucc.asn.au>
parents: 857
671 }
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
672 }
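
The ECDSA disable conditions at lines 642 to 657 of the listing, modelled as a stand-alone function so the outcome can be checked for each combination of -R and loaded keys. This is an added example, not Dropbear code; the bit flags, the function name `ecdsa_left_enabled` and the `default_size` parameter (standing in for `ECDSA_DEFAULT_SIZE`) are assumptions.

```c
#include <stdio.h>

/* Bit flags for the three ECDSA sizes (constructed for this model). */
enum { P256 = 1, P384 = 2, P521 = 4 };

/* Model of listing lines 642-657: which ECDSA sizes stay advertised.
 * loaded        : bitmask of sizes whose keys were read from hostkey files
 * delay_hostkey : 1 when -R (generate as required) is set
 * default_size  : stands in for ECDSA_DEFAULT_SIZE (256, 384 or 521) */
static int ecdsa_left_enabled(int loaded, int delay_hostkey, int default_size)
{
    static const struct { int bit; int size; } sizes[] = {
        { P256, 256 }, { P384, 384 }, { P521, 521 }
    };
    int loaded_any_ecdsa = (loaded != 0);
    int enabled = P256 | P384 | P521;
    size_t i;

    for (i = 0; i < sizeof(sizes) / sizeof(sizes[0]); i++) {
        int have_key = (loaded & sizes[i].bit) != 0;
        /* Same shape as the listing: a size survives only if its key is
         * loaded, or if -R is set, no ECDSA key was loaded at all, and
         * this size is the default one to generate. */
        if (!have_key
            && (!delay_hostkey || loaded_any_ecdsa
                || default_size != sizes[i].size)) {
            enabled &= ~sizes[i].bit;
        }
    }
    return enabled;
}

int main(void)
{
    /* Constructed sample configurations; output is the enabled bitmask. */
    printf("-R, no keys, default 256 -> %d\n", ecdsa_left_enabled(0, 1, 256));
    printf("-R, 384 key loaded       -> %d\n", ecdsa_left_enabled(P384, 1, 256));
    printf("no -R, no keys           -> %d\n", ecdsa_left_enabled(0, 0, 256));
    printf("no -R, 256+521 loaded    -> %d\n",
           ecdsa_left_enabled(P256 | P521, 0, 256));
    return 0;
}
```

In this model, a loaded ECDSA key suppresses the -R default size, so a host with a 384-bit key file never also advertises a not-yet-generated 256-bit key.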